1 /* 2 * libjingle 3 * Copyright 2008, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #if HAVE_OPENSSL_SSL_H 29 30 #include "talk/base/openssladapter.h" 31 32 #if defined(POSIX) 33 #include <unistd.h> 34 #endif 35 36 // Must be included first before openssl headers. 37 #include "talk/base/win32.h" // NOLINT 38 39 #include <openssl/bio.h> 40 #include <openssl/crypto.h> 41 #include <openssl/err.h> 42 #include <openssl/opensslv.h> 43 #include <openssl/rand.h> 44 #include <openssl/ssl.h> 45 #include <openssl/x509v3.h> 46 47 #if HAVE_CONFIG_H 48 #include "config.h" 49 #endif // HAVE_CONFIG_H 50 51 #include "talk/base/common.h" 52 #include "talk/base/logging.h" 53 #include "talk/base/sslroots.h" 54 #include "talk/base/stringutils.h" 55 56 // TODO: Use a nicer abstraction for mutex. 57 58 #if defined(WIN32) 59 #define MUTEX_TYPE HANDLE 60 #define MUTEX_SETUP(x) (x) = CreateMutex(NULL, FALSE, NULL) 61 #define MUTEX_CLEANUP(x) CloseHandle(x) 62 #define MUTEX_LOCK(x) WaitForSingleObject((x), INFINITE) 63 #define MUTEX_UNLOCK(x) ReleaseMutex(x) 64 #define THREAD_ID GetCurrentThreadId() 65 #elif defined(_POSIX_THREADS) 66 // _POSIX_THREADS is normally defined in unistd.h if pthreads are available 67 // on your platform. 68 #define MUTEX_TYPE pthread_mutex_t 69 #define MUTEX_SETUP(x) pthread_mutex_init(&(x), NULL) 70 #define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x)) 71 #define MUTEX_LOCK(x) pthread_mutex_lock(&(x)) 72 #define MUTEX_UNLOCK(x) pthread_mutex_unlock(&(x)) 73 #define THREAD_ID pthread_self() 74 #else 75 #error You must define mutex operations appropriate for your platform! 76 #endif 77 78 struct CRYPTO_dynlock_value { 79 MUTEX_TYPE mutex; 80 }; 81 82 ////////////////////////////////////////////////////////////////////// 83 // SocketBIO 84 ////////////////////////////////////////////////////////////////////// 85 86 static int socket_write(BIO* h, const char* buf, int num); 87 static int socket_read(BIO* h, char* buf, int size); 88 static int socket_puts(BIO* h, const char* str); 89 static long socket_ctrl(BIO* h, int cmd, long arg1, void* arg2); 90 static int socket_new(BIO* h); 91 static int socket_free(BIO* data); 92 93 static BIO_METHOD methods_socket = { 94 BIO_TYPE_BIO, 95 "socket", 96 socket_write, 97 socket_read, 98 socket_puts, 99 0, 100 socket_ctrl, 101 socket_new, 102 socket_free, 103 NULL, 104 }; 105 106 BIO_METHOD* BIO_s_socket2() { return(&methods_socket); } 107 108 BIO* BIO_new_socket(talk_base::AsyncSocket* socket) { 109 BIO* ret = BIO_new(BIO_s_socket2()); 110 if (ret == NULL) { 111 return NULL; 112 } 113 ret->ptr = socket; 114 return ret; 115 } 116 117 static int socket_new(BIO* b) { 118 b->shutdown = 0; 119 b->init = 1; 120 b->num = 0; // 1 means socket closed 121 b->ptr = 0; 122 return 1; 123 } 124 125 static int socket_free(BIO* b) { 126 if (b == NULL) 127 return 0; 128 return 1; 129 } 130 131 static int socket_read(BIO* b, char* out, int outl) { 132 if (!out) 133 return -1; 134 talk_base::AsyncSocket* socket = static_cast<talk_base::AsyncSocket*>(b->ptr); 135 BIO_clear_retry_flags(b); 136 int result = socket->Recv(out, outl); 137 if (result > 0) { 138 return result; 139 } else if (result == 0) { 140 b->num = 1; 141 } else if (socket->IsBlocking()) { 142 BIO_set_retry_read(b); 143 } 144 return -1; 145 } 146 147 static int socket_write(BIO* b, const char* in, int inl) { 148 if (!in) 149 return -1; 150 talk_base::AsyncSocket* socket = static_cast<talk_base::AsyncSocket*>(b->ptr); 151 BIO_clear_retry_flags(b); 152 int result = socket->Send(in, inl); 153 if (result > 0) { 154 return result; 155 } else if (socket->IsBlocking()) { 156 BIO_set_retry_write(b); 157 } 158 return -1; 159 } 160 161 static int socket_puts(BIO* b, const char* str) { 162 return socket_write(b, str, strlen(str)); 163 } 164 165 static long socket_ctrl(BIO* b, int cmd, long num, void* ptr) { 166 UNUSED(num); 167 UNUSED(ptr); 168 169 switch (cmd) { 170 case BIO_CTRL_RESET: 171 return 0; 172 case BIO_CTRL_EOF: 173 return b->num; 174 case BIO_CTRL_WPENDING: 175 case BIO_CTRL_PENDING: 176 return 0; 177 case BIO_CTRL_FLUSH: 178 return 1; 179 default: 180 return 0; 181 } 182 } 183 184 ///////////////////////////////////////////////////////////////////////////// 185 // OpenSSLAdapter 186 ///////////////////////////////////////////////////////////////////////////// 187 188 namespace talk_base { 189 190 // This array will store all of the mutexes available to OpenSSL. 191 static MUTEX_TYPE* mutex_buf = NULL; 192 193 static void locking_function(int mode, int n, const char * file, int line) { 194 if (mode & CRYPTO_LOCK) { 195 MUTEX_LOCK(mutex_buf[n]); 196 } else { 197 MUTEX_UNLOCK(mutex_buf[n]); 198 } 199 } 200 201 static unsigned long id_function() { // NOLINT 202 // Use old-style C cast because THREAD_ID's type varies with the platform, 203 // in some cases requiring static_cast, and in others requiring 204 // reinterpret_cast. 205 return (unsigned long)THREAD_ID; // NOLINT 206 } 207 208 static CRYPTO_dynlock_value* dyn_create_function(const char* file, int line) { 209 CRYPTO_dynlock_value* value = new CRYPTO_dynlock_value; 210 if (!value) 211 return NULL; 212 MUTEX_SETUP(value->mutex); 213 return value; 214 } 215 216 static void dyn_lock_function(int mode, CRYPTO_dynlock_value* l, 217 const char* file, int line) { 218 if (mode & CRYPTO_LOCK) { 219 MUTEX_LOCK(l->mutex); 220 } else { 221 MUTEX_UNLOCK(l->mutex); 222 } 223 } 224 225 static void dyn_destroy_function(CRYPTO_dynlock_value* l, 226 const char* file, int line) { 227 MUTEX_CLEANUP(l->mutex); 228 delete l; 229 } 230 231 VerificationCallback OpenSSLAdapter::custom_verify_callback_ = NULL; 232 233 bool OpenSSLAdapter::InitializeSSL(VerificationCallback callback) { 234 if (!InitializeSSLThread() || !SSL_library_init()) 235 return false; 236 #if !defined(ADDRESS_SANITIZER) || !defined(OSX) 237 // Loading the error strings crashes mac_asan. Omit this debugging aid there. 238 SSL_load_error_strings(); 239 #endif 240 ERR_load_BIO_strings(); 241 OpenSSL_add_all_algorithms(); 242 RAND_poll(); 243 custom_verify_callback_ = callback; 244 return true; 245 } 246 247 bool OpenSSLAdapter::InitializeSSLThread() { 248 mutex_buf = new MUTEX_TYPE[CRYPTO_num_locks()]; 249 if (!mutex_buf) 250 return false; 251 for (int i = 0; i < CRYPTO_num_locks(); ++i) 252 MUTEX_SETUP(mutex_buf[i]); 253 254 // we need to cast our id_function to return an unsigned long -- pthread_t is 255 // a pointer 256 CRYPTO_set_id_callback(id_function); 257 CRYPTO_set_locking_callback(locking_function); 258 CRYPTO_set_dynlock_create_callback(dyn_create_function); 259 CRYPTO_set_dynlock_lock_callback(dyn_lock_function); 260 CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function); 261 return true; 262 } 263 264 bool OpenSSLAdapter::CleanupSSL() { 265 if (!mutex_buf) 266 return false; 267 CRYPTO_set_id_callback(NULL); 268 CRYPTO_set_locking_callback(NULL); 269 CRYPTO_set_dynlock_create_callback(NULL); 270 CRYPTO_set_dynlock_lock_callback(NULL); 271 CRYPTO_set_dynlock_destroy_callback(NULL); 272 for (int i = 0; i < CRYPTO_num_locks(); ++i) 273 MUTEX_CLEANUP(mutex_buf[i]); 274 delete [] mutex_buf; 275 mutex_buf = NULL; 276 return true; 277 } 278 279 OpenSSLAdapter::OpenSSLAdapter(AsyncSocket* socket) 280 : SSLAdapter(socket), 281 state_(SSL_NONE), 282 ssl_read_needs_write_(false), 283 ssl_write_needs_read_(false), 284 restartable_(false), 285 ssl_(NULL), ssl_ctx_(NULL), 286 custom_verification_succeeded_(false) { 287 } 288 289 OpenSSLAdapter::~OpenSSLAdapter() { 290 Cleanup(); 291 } 292 293 int 294 OpenSSLAdapter::StartSSL(const char* hostname, bool restartable) { 295 if (state_ != SSL_NONE) 296 return -1; 297 298 ssl_host_name_ = hostname; 299 restartable_ = restartable; 300 301 if (socket_->GetState() != Socket::CS_CONNECTED) { 302 state_ = SSL_WAIT; 303 return 0; 304 } 305 306 state_ = SSL_CONNECTING; 307 if (int err = BeginSSL()) { 308 Error("BeginSSL", err, false); 309 return err; 310 } 311 312 return 0; 313 } 314 315 int 316 OpenSSLAdapter::BeginSSL() { 317 LOG(LS_INFO) << "BeginSSL: " << ssl_host_name_; 318 ASSERT(state_ == SSL_CONNECTING); 319 320 int err = 0; 321 BIO* bio = NULL; 322 323 // First set up the context 324 if (!ssl_ctx_) 325 ssl_ctx_ = SetupSSLContext(); 326 327 if (!ssl_ctx_) { 328 err = -1; 329 goto ssl_error; 330 } 331 332 bio = BIO_new_socket(static_cast<AsyncSocketAdapter*>(socket_)); 333 if (!bio) { 334 err = -1; 335 goto ssl_error; 336 } 337 338 ssl_ = SSL_new(ssl_ctx_); 339 if (!ssl_) { 340 err = -1; 341 goto ssl_error; 342 } 343 344 SSL_set_app_data(ssl_, this); 345 346 SSL_set_bio(ssl_, bio, bio); 347 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE | 348 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 349 350 // the SSL object owns the bio now 351 bio = NULL; 352 353 // Do the connect 354 err = ContinueSSL(); 355 if (err != 0) 356 goto ssl_error; 357 358 return err; 359 360 ssl_error: 361 Cleanup(); 362 if (bio) 363 BIO_free(bio); 364 365 return err; 366 } 367 368 int 369 OpenSSLAdapter::ContinueSSL() { 370 ASSERT(state_ == SSL_CONNECTING); 371 372 int code = SSL_connect(ssl_); 373 switch (SSL_get_error(ssl_, code)) { 374 case SSL_ERROR_NONE: 375 if (!SSLPostConnectionCheck(ssl_, ssl_host_name_.c_str())) { 376 LOG(LS_ERROR) << "TLS post connection check failed"; 377 // make sure we close the socket 378 Cleanup(); 379 // The connect failed so return -1 to shut down the socket 380 return -1; 381 } 382 383 state_ = SSL_CONNECTED; 384 AsyncSocketAdapter::OnConnectEvent(this); 385 #if 0 // TODO: worry about this 386 // Don't let ourselves go away during the callbacks 387 PRefPtr<OpenSSLAdapter> lock(this); 388 LOG(LS_INFO) << " -- onStreamReadable"; 389 AsyncSocketAdapter::OnReadEvent(this); 390 LOG(LS_INFO) << " -- onStreamWriteable"; 391 AsyncSocketAdapter::OnWriteEvent(this); 392 #endif 393 break; 394 395 case SSL_ERROR_WANT_READ: 396 case SSL_ERROR_WANT_WRITE: 397 break; 398 399 case SSL_ERROR_ZERO_RETURN: 400 default: 401 LOG(LS_WARNING) << "ContinueSSL -- error " << code; 402 return (code != 0) ? code : -1; 403 } 404 405 return 0; 406 } 407 408 void 409 OpenSSLAdapter::Error(const char* context, int err, bool signal) { 410 LOG(LS_WARNING) << "OpenSSLAdapter::Error(" 411 << context << ", " << err << ")"; 412 state_ = SSL_ERROR; 413 SetError(err); 414 if (signal) 415 AsyncSocketAdapter::OnCloseEvent(this, err); 416 } 417 418 void 419 OpenSSLAdapter::Cleanup() { 420 LOG(LS_INFO) << "Cleanup"; 421 422 state_ = SSL_NONE; 423 ssl_read_needs_write_ = false; 424 ssl_write_needs_read_ = false; 425 custom_verification_succeeded_ = false; 426 427 if (ssl_) { 428 SSL_free(ssl_); 429 ssl_ = NULL; 430 } 431 432 if (ssl_ctx_) { 433 SSL_CTX_free(ssl_ctx_); 434 ssl_ctx_ = NULL; 435 } 436 } 437 438 // 439 // AsyncSocket Implementation 440 // 441 442 int 443 OpenSSLAdapter::Send(const void* pv, size_t cb) { 444 //LOG(LS_INFO) << "OpenSSLAdapter::Send(" << cb << ")"; 445 446 switch (state_) { 447 case SSL_NONE: 448 return AsyncSocketAdapter::Send(pv, cb); 449 450 case SSL_WAIT: 451 case SSL_CONNECTING: 452 SetError(EWOULDBLOCK); 453 return SOCKET_ERROR; 454 455 case SSL_CONNECTED: 456 break; 457 458 case SSL_ERROR: 459 default: 460 return SOCKET_ERROR; 461 } 462 463 // OpenSSL will return an error if we try to write zero bytes 464 if (cb == 0) 465 return 0; 466 467 ssl_write_needs_read_ = false; 468 469 int code = SSL_write(ssl_, pv, cb); 470 switch (SSL_get_error(ssl_, code)) { 471 case SSL_ERROR_NONE: 472 //LOG(LS_INFO) << " -- success"; 473 return code; 474 case SSL_ERROR_WANT_READ: 475 //LOG(LS_INFO) << " -- error want read"; 476 ssl_write_needs_read_ = true; 477 SetError(EWOULDBLOCK); 478 break; 479 case SSL_ERROR_WANT_WRITE: 480 //LOG(LS_INFO) << " -- error want write"; 481 SetError(EWOULDBLOCK); 482 break; 483 case SSL_ERROR_ZERO_RETURN: 484 //LOG(LS_INFO) << " -- remote side closed"; 485 SetError(EWOULDBLOCK); 486 // do we need to signal closure? 487 break; 488 default: 489 //LOG(LS_INFO) << " -- error " << code; 490 Error("SSL_write", (code ? code : -1), false); 491 break; 492 } 493 494 return SOCKET_ERROR; 495 } 496 497 int 498 OpenSSLAdapter::Recv(void* pv, size_t cb) { 499 //LOG(LS_INFO) << "OpenSSLAdapter::Recv(" << cb << ")"; 500 switch (state_) { 501 502 case SSL_NONE: 503 return AsyncSocketAdapter::Recv(pv, cb); 504 505 case SSL_WAIT: 506 case SSL_CONNECTING: 507 SetError(EWOULDBLOCK); 508 return SOCKET_ERROR; 509 510 case SSL_CONNECTED: 511 break; 512 513 case SSL_ERROR: 514 default: 515 return SOCKET_ERROR; 516 } 517 518 // Don't trust OpenSSL with zero byte reads 519 if (cb == 0) 520 return 0; 521 522 ssl_read_needs_write_ = false; 523 524 int code = SSL_read(ssl_, pv, cb); 525 switch (SSL_get_error(ssl_, code)) { 526 case SSL_ERROR_NONE: 527 //LOG(LS_INFO) << " -- success"; 528 return code; 529 case SSL_ERROR_WANT_READ: 530 //LOG(LS_INFO) << " -- error want read"; 531 SetError(EWOULDBLOCK); 532 break; 533 case SSL_ERROR_WANT_WRITE: 534 //LOG(LS_INFO) << " -- error want write"; 535 ssl_read_needs_write_ = true; 536 SetError(EWOULDBLOCK); 537 break; 538 case SSL_ERROR_ZERO_RETURN: 539 //LOG(LS_INFO) << " -- remote side closed"; 540 SetError(EWOULDBLOCK); 541 // do we need to signal closure? 542 break; 543 default: 544 //LOG(LS_INFO) << " -- error " << code; 545 Error("SSL_read", (code ? code : -1), false); 546 break; 547 } 548 549 return SOCKET_ERROR; 550 } 551 552 int 553 OpenSSLAdapter::Close() { 554 Cleanup(); 555 state_ = restartable_ ? SSL_WAIT : SSL_NONE; 556 return AsyncSocketAdapter::Close(); 557 } 558 559 Socket::ConnState 560 OpenSSLAdapter::GetState() const { 561 //if (signal_close_) 562 // return CS_CONNECTED; 563 ConnState state = socket_->GetState(); 564 if ((state == CS_CONNECTED) 565 && ((state_ == SSL_WAIT) || (state_ == SSL_CONNECTING))) 566 state = CS_CONNECTING; 567 return state; 568 } 569 570 void 571 OpenSSLAdapter::OnConnectEvent(AsyncSocket* socket) { 572 LOG(LS_INFO) << "OpenSSLAdapter::OnConnectEvent"; 573 if (state_ != SSL_WAIT) { 574 ASSERT(state_ == SSL_NONE); 575 AsyncSocketAdapter::OnConnectEvent(socket); 576 return; 577 } 578 579 state_ = SSL_CONNECTING; 580 if (int err = BeginSSL()) { 581 AsyncSocketAdapter::OnCloseEvent(socket, err); 582 } 583 } 584 585 void 586 OpenSSLAdapter::OnReadEvent(AsyncSocket* socket) { 587 //LOG(LS_INFO) << "OpenSSLAdapter::OnReadEvent"; 588 589 if (state_ == SSL_NONE) { 590 AsyncSocketAdapter::OnReadEvent(socket); 591 return; 592 } 593 594 if (state_ == SSL_CONNECTING) { 595 if (int err = ContinueSSL()) { 596 Error("ContinueSSL", err); 597 } 598 return; 599 } 600 601 if (state_ != SSL_CONNECTED) 602 return; 603 604 // Don't let ourselves go away during the callbacks 605 //PRefPtr<OpenSSLAdapter> lock(this); // TODO: fix this 606 if (ssl_write_needs_read_) { 607 //LOG(LS_INFO) << " -- onStreamWriteable"; 608 AsyncSocketAdapter::OnWriteEvent(socket); 609 } 610 611 //LOG(LS_INFO) << " -- onStreamReadable"; 612 AsyncSocketAdapter::OnReadEvent(socket); 613 } 614 615 void 616 OpenSSLAdapter::OnWriteEvent(AsyncSocket* socket) { 617 //LOG(LS_INFO) << "OpenSSLAdapter::OnWriteEvent"; 618 619 if (state_ == SSL_NONE) { 620 AsyncSocketAdapter::OnWriteEvent(socket); 621 return; 622 } 623 624 if (state_ == SSL_CONNECTING) { 625 if (int err = ContinueSSL()) { 626 Error("ContinueSSL", err); 627 } 628 return; 629 } 630 631 if (state_ != SSL_CONNECTED) 632 return; 633 634 // Don't let ourselves go away during the callbacks 635 //PRefPtr<OpenSSLAdapter> lock(this); // TODO: fix this 636 637 if (ssl_read_needs_write_) { 638 //LOG(LS_INFO) << " -- onStreamReadable"; 639 AsyncSocketAdapter::OnReadEvent(socket); 640 } 641 642 //LOG(LS_INFO) << " -- onStreamWriteable"; 643 AsyncSocketAdapter::OnWriteEvent(socket); 644 } 645 646 void 647 OpenSSLAdapter::OnCloseEvent(AsyncSocket* socket, int err) { 648 LOG(LS_INFO) << "OpenSSLAdapter::OnCloseEvent(" << err << ")"; 649 AsyncSocketAdapter::OnCloseEvent(socket, err); 650 } 651 652 // This code is taken from the "Network Security with OpenSSL" 653 // sample in chapter 5 654 655 bool OpenSSLAdapter::VerifyServerName(SSL* ssl, const char* host, 656 bool ignore_bad_cert) { 657 if (!host) 658 return false; 659 660 // Checking the return from SSL_get_peer_certificate here is not strictly 661 // necessary. With our setup, it is not possible for it to return 662 // NULL. However, it is good form to check the return. 663 X509* certificate = SSL_get_peer_certificate(ssl); 664 if (!certificate) 665 return false; 666 667 // Logging certificates is extremely verbose. So it is disabled by default. 668 #ifdef LOG_CERTIFICATES 669 { 670 LOG(LS_INFO) << "Certificate from server:"; 671 BIO* mem = BIO_new(BIO_s_mem()); 672 X509_print_ex(mem, certificate, XN_FLAG_SEP_CPLUS_SPC, X509_FLAG_NO_HEADER); 673 BIO_write(mem, "\0", 1); 674 char* buffer; 675 BIO_get_mem_data(mem, &buffer); 676 LOG(LS_INFO) << buffer; 677 BIO_free(mem); 678 679 char* cipher_description = 680 SSL_CIPHER_description(SSL_get_current_cipher(ssl), NULL, 128); 681 LOG(LS_INFO) << "Cipher: " << cipher_description; 682 OPENSSL_free(cipher_description); 683 } 684 #endif 685 686 bool ok = false; 687 int extension_count = X509_get_ext_count(certificate); 688 for (int i = 0; i < extension_count; ++i) { 689 X509_EXTENSION* extension = X509_get_ext(certificate, i); 690 int extension_nid = OBJ_obj2nid(X509_EXTENSION_get_object(extension)); 691 692 if (extension_nid == NID_subject_alt_name) { 693 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 694 const X509V3_EXT_METHOD* meth = X509V3_EXT_get(extension); 695 #else 696 X509V3_EXT_METHOD* meth = X509V3_EXT_get(extension); 697 #endif 698 if (!meth) 699 break; 700 701 void* ext_str = NULL; 702 703 // We assign this to a local variable, instead of passing the address 704 // directly to ASN1_item_d2i. 705 // See http://readlist.com/lists/openssl.org/openssl-users/0/4761.html. 706 unsigned char* ext_value_data = extension->value->data; 707 708 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL 709 const unsigned char **ext_value_data_ptr = 710 (const_cast<const unsigned char **>(&ext_value_data)); 711 #else 712 unsigned char **ext_value_data_ptr = &ext_value_data; 713 #endif 714 715 if (meth->it) { 716 ext_str = ASN1_item_d2i(NULL, ext_value_data_ptr, 717 extension->value->length, 718 ASN1_ITEM_ptr(meth->it)); 719 } else { 720 ext_str = meth->d2i(NULL, ext_value_data_ptr, extension->value->length); 721 } 722 723 STACK_OF(CONF_VALUE)* value = meth->i2v(meth, ext_str, NULL); 724 for (int j = 0; j < sk_CONF_VALUE_num(value); ++j) { 725 CONF_VALUE* nval = sk_CONF_VALUE_value(value, j); 726 // The value for nval can contain wildcards 727 if (!strcmp(nval->name, "DNS") && string_match(host, nval->value)) { 728 ok = true; 729 break; 730 } 731 } 732 sk_CONF_VALUE_pop_free(value, X509V3_conf_free); 733 value = NULL; 734 735 if (meth->it) { 736 ASN1_item_free(reinterpret_cast<ASN1_VALUE*>(ext_str), 737 ASN1_ITEM_ptr(meth->it)); 738 } else { 739 meth->ext_free(ext_str); 740 } 741 ext_str = NULL; 742 } 743 if (ok) 744 break; 745 } 746 747 char data[256]; 748 X509_name_st* subject; 749 if (!ok 750 && ((subject = X509_get_subject_name(certificate)) != NULL) 751 && (X509_NAME_get_text_by_NID(subject, NID_commonName, 752 data, sizeof(data)) > 0)) { 753 data[sizeof(data)-1] = 0; 754 if (_stricmp(data, host) == 0) 755 ok = true; 756 } 757 758 X509_free(certificate); 759 760 // This should only ever be turned on for debugging and development. 761 if (!ok && ignore_bad_cert) { 762 LOG(LS_WARNING) << "TLS certificate check FAILED. " 763 << "Allowing connection anyway."; 764 ok = true; 765 } 766 767 return ok; 768 } 769 770 bool OpenSSLAdapter::SSLPostConnectionCheck(SSL* ssl, const char* host) { 771 bool ok = VerifyServerName(ssl, host, ignore_bad_cert()); 772 773 if (ok) { 774 ok = (SSL_get_verify_result(ssl) == X509_V_OK || 775 custom_verification_succeeded_); 776 } 777 778 if (!ok && ignore_bad_cert()) { 779 LOG(LS_INFO) << "Other TLS post connection checks failed."; 780 ok = true; 781 } 782 783 return ok; 784 } 785 786 #if _DEBUG 787 788 // We only use this for tracing and so it is only needed in debug mode 789 790 void 791 OpenSSLAdapter::SSLInfoCallback(const SSL* s, int where, int ret) { 792 const char* str = "undefined"; 793 int w = where & ~SSL_ST_MASK; 794 if (w & SSL_ST_CONNECT) { 795 str = "SSL_connect"; 796 } else if (w & SSL_ST_ACCEPT) { 797 str = "SSL_accept"; 798 } 799 if (where & SSL_CB_LOOP) { 800 LOG(LS_INFO) << str << ":" << SSL_state_string_long(s); 801 } else if (where & SSL_CB_ALERT) { 802 str = (where & SSL_CB_READ) ? "read" : "write"; 803 LOG(LS_INFO) << "SSL3 alert " << str 804 << ":" << SSL_alert_type_string_long(ret) 805 << ":" << SSL_alert_desc_string_long(ret); 806 } else if (where & SSL_CB_EXIT) { 807 if (ret == 0) { 808 LOG(LS_INFO) << str << ":failed in " << SSL_state_string_long(s); 809 } else if (ret < 0) { 810 LOG(LS_INFO) << str << ":error in " << SSL_state_string_long(s); 811 } 812 } 813 } 814 815 #endif // _DEBUG 816 817 int 818 OpenSSLAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) { 819 #if _DEBUG 820 if (!ok) { 821 char data[256]; 822 X509* cert = X509_STORE_CTX_get_current_cert(store); 823 int depth = X509_STORE_CTX_get_error_depth(store); 824 int err = X509_STORE_CTX_get_error(store); 825 826 LOG(LS_INFO) << "Error with certificate at depth: " << depth; 827 X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data)); 828 LOG(LS_INFO) << " issuer = " << data; 829 X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data)); 830 LOG(LS_INFO) << " subject = " << data; 831 LOG(LS_INFO) << " err = " << err 832 << ":" << X509_verify_cert_error_string(err); 833 } 834 #endif 835 836 // Get our stream pointer from the store 837 SSL* ssl = reinterpret_cast<SSL*>( 838 X509_STORE_CTX_get_ex_data(store, 839 SSL_get_ex_data_X509_STORE_CTX_idx())); 840 841 OpenSSLAdapter* stream = 842 reinterpret_cast<OpenSSLAdapter*>(SSL_get_app_data(ssl)); 843 844 if (!ok && custom_verify_callback_) { 845 void* cert = 846 reinterpret_cast<void*>(X509_STORE_CTX_get_current_cert(store)); 847 if (custom_verify_callback_(cert)) { 848 stream->custom_verification_succeeded_ = true; 849 LOG(LS_INFO) << "validated certificate using custom callback"; 850 ok = true; 851 } 852 } 853 854 // Should only be used for debugging and development. 855 if (!ok && stream->ignore_bad_cert()) { 856 LOG(LS_WARNING) << "Ignoring cert error while verifying cert chain"; 857 ok = 1; 858 } 859 860 return ok; 861 } 862 863 bool OpenSSLAdapter::ConfigureTrustedRootCertificates(SSL_CTX* ctx) { 864 // Add the root cert that we care about to the SSL context 865 int count_of_added_certs = 0; 866 for (int i = 0; i < ARRAY_SIZE(kSSLCertCertificateList); i++) { 867 const unsigned char* cert_buffer = kSSLCertCertificateList[i]; 868 size_t cert_buffer_len = kSSLCertCertificateSizeList[i]; 869 X509* cert = d2i_X509(NULL, &cert_buffer, cert_buffer_len); 870 if (cert) { 871 int return_value = X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), cert); 872 if (return_value == 0) { 873 LOG(LS_WARNING) << "Unable to add certificate."; 874 } else { 875 count_of_added_certs++; 876 } 877 X509_free(cert); 878 } 879 } 880 return count_of_added_certs > 0; 881 } 882 883 SSL_CTX* 884 OpenSSLAdapter::SetupSSLContext() { 885 SSL_CTX* ctx = SSL_CTX_new(TLSv1_client_method()); 886 if (ctx == NULL) { 887 unsigned long error = ERR_get_error(); // NOLINT: type used by OpenSSL. 888 LOG(LS_WARNING) << "SSL_CTX creation failed: " 889 << '"' << ERR_reason_error_string(error) << "\" " 890 << "(error=" << error << ')'; 891 return NULL; 892 } 893 if (!ConfigureTrustedRootCertificates(ctx)) { 894 SSL_CTX_free(ctx); 895 return NULL; 896 } 897 898 #ifdef _DEBUG 899 SSL_CTX_set_info_callback(ctx, SSLInfoCallback); 900 #endif 901 902 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback); 903 SSL_CTX_set_verify_depth(ctx, 4); 904 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); 905 906 return ctx; 907 } 908 909 } // namespace talk_base 910 911 #endif // HAVE_OPENSSL_SSL_H 912
